I didn't mean to open a can of worms, but since it's open ...
with script-security 2 added to the client.conf, openvpn starts just
fine with the command systemctl restart [email protected] UNTIL
you add the parameter auth-user-pass to the client.conf
Once that param is added, openvpn refuses to start via systemD though it
starts just fine via sys5
[root@pwyr openvpn]# cd /etc/init.d/
[root@pwyr init.d]# ./openvpn restart
Shutting down openvpn: [ OK ]
Starting openvpn: Enter Auth Username:rrc
Enter Auth Password:
[ OK ]
Since were looking at openvpn, hopefully we can figure out what this is
all about as this param is EXTREMELY important to harden the security of
openvpn
Thanks
Richard
On 11/25/2012 06:18 PM, Colin Guthrie wrote:
'Twas brillig, and Olivier Blin at 25/11/12 23:31 did gyre and gimble:
Colin Guthrie<[email protected]> writes:
'Twas brillig, and Olivier Blin at 25/11/12 15:19 did gyre and gimble:
Colin Guthrie<[email protected]> writes:
1. "systemd-tmpfiles --create" is not run in the %post (before
add-service helper) (note that on cauldron the command must be:
"systemd-tmpfiles --create openvpn.conf"). This means that you'll need a
reboot before openvpn will work on mga2 after installing it.
Hi,
Shouldn't this be done through a rpm filetrigger?
I don't think there is a way to specify which files triggered the file
trigger is there?
Basically we'd need to know the basename of the file that changed, also
there are times when it has to be excluded (e.g. some files should not
be run except at boot).
Looks like this list is available to the script from stdin, see
/var/lib/rpm/filetriggers/httpd.script or
/var/lib/rpm/filetriggers/pear.script
OK good to know.
Sadly the ordering is still wrong as this needs to be run after %pre but
before any calls to %_post_service (i.e. in %post).
As a result I don't think it's really possible to automate this. It
could be added to a filetrigger for "safety" and baked into
%_post_service but it still doesn't cover several corner cases, and I
don't think it's really worth the bother personally.
Col
--
LinuxCabal Asociación Civil
Ing. Richard Couture
Novell CNE, ECNE, MCNE
HP/Compaq ASE
Tel.: (+52) (333) 145-2638
Cel.: (+52) (044) 333 377-7505
Cel.: (+52) (044) 333 377-7506
Web: http://www.LinuxCabal.org
E-Mail: [email protected]
Hosted en la nube Cloud Sigma - www.CloudSigma.com
AVISO DE CONFIDENCIALIDAD: Este correo electrónico, incluyendo en su
caso, los archivos adjuntos al mismo, pueden contener información de
carácter confidencial y/o privilegiada, y se envían a la atención única
y exclusivamente de la persona y/o entidad a quien va dirigido. La
copia, revisión, uso, revelación y/o distribución de dicha información
confidencial sin la autorización por escrito de LinuxCabal está
prohibida. Si usted no es el destinatario a quien se dirige el presente
correo, favor de contactar al remitente respondiendo al presente correo
y eliminar el correo original incluyendo sus archivos, así como
cualesquiera copia del mismo. Mediante la recepción del presente correo
usted reconoce y acepta que en caso de incumplimiento de su parte y/o de
sus representantes a los términos antes mencionados, LinuxCabal tendrá
derecho a los daños y perjuicios que esto le cause.
